Authenticators

Authenticator List

Shield provides the following Authenticators:

• Session authenticator provides traditional ID/Password authentication. It uses username/email/password to authenticate against and stores the user information in the session. See Using Session Authenticator and Session Authenticator for usage.
• AccessTokens authenticator provides stateless authentication using Personal Access Tokens passed in the HTTP headers. See Protecting an API with Access Tokens and Access Token Authenticator for usage.
• HmacSha256 authenticator provides stateless authentication using HMAC Keys. See Protecting an API with HMAC Keys and HMAC SHA256 Token Authenticator for usage.
• JWT authenticator provides stateless authentication using JSON Web Token. To use this, you need additional setup. See JWT Authentication.

In addition to the default authenticators listed above, CodeIgniter Shield allows you to build and register Custom Authenticators by implementing the AuthenticatorInterface, enabling completely project-specific authentication strategies (external providers, hardware or device challenges, or any other custom logic), while remaining fully compatible with Shield’s authentication lifecycle and its login/logout event system. For full implementation steps, see Custom Authenticator.